Ejemplo n.º 1
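/**
 * Decide whether the current request may download the archive file named in
 * $_GET['archive'].
 *
 * The function only reports a decision; it sends no headers and reads no file
 * contents.
 *
 * @param mixed $_cid Course identifier; any truthy value counts as "inside a course".
 *
 * @return bool True when the file exists under the archive directory and the
 *              caller's role matches the file type, false otherwise.
 */
function create_backup_is_admin($_cid)
{
    // Without a usable "archive" parameter there is nothing to authorise.
    if (!isset($_GET['archive']) || !is_string($_GET['archive'])) {
        return false;
    }

    // Reduce the request value to a bare file name: no parent references and
    // no directory separators.
    $archive_file = str_replace(array('..', '/', '\\'), '', $_GET['archive']);
    // The replacements run one after another, so removing a backslash can
    // leave "." or ".." behind; those name a directory, never an archive.
    if ($archive_file === '' || $archive_file === '.' || $archive_file === '..') {
        return false;
    }

    // Previously undefined outside the session branch, which raised a notice
    // and was read as false; make that default explicit.
    $is_courseAdmin = false;

    // NOTE(review): a truthy "session" request parameter alone switches on both
    // the course context and the course-admin flag for the zip check below.
    // Kept as-is to preserve behaviour; confirm that callers establish the real
    // role before relying on this result.
    if (isset($_GET['session']) && $_GET['session']) {
        $_cid = true;
        $is_courseAdmin = true;
    }

    $archive_path = api_get_path(SYS_ARCHIVE_PATH);
    list($extension) = getextension($archive_file);
    if (empty($extension) || !file_exists($archive_path . $archive_file)) {
        return false;
    }
    $extension = strtolower($extension);

    // Reports (xml/csv): platform admins (session admins included) and HR managers.
    if (in_array($extension, array('xml', 'csv'), true)) {
        return api_is_platform_admin(true) || api_is_drh();
    }

    // Course backups (zip): needs a course context plus an admin role.
    // TODO: an older, unclear form of this condition also mentioned 'html'; the
    // replacement below is still to be confirmed.
    if ($extension === 'zip') {
        return $_cid && (api_is_platform_admin(true) || $is_courseAdmin);
    }

    // Every other file type is refused.
    return false;
}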
Ejemplo n.º 2
/**
 * Tell whether the current user may change the stored values of $sv_user.
 *
 * Prints an error line when the answer is no.
 *
 * @param mixed $sv_user Id of the user whose stored values would be changed
 * @return bool
 */
function storage_can_set($sv_user) {
	// Platform admins may edit anyone's values; everybody else only their own.
	if (api_is_platform_admin() || $sv_user == api_get_user_id()) {
		return true;
	}
	print "ERROR : Not allowed";
	return false;
}
Ejemplo n.º 3
 /**
  * Run a legacy script from the "main/" directory and wrap its output in a Twig layout.
  *
  * The script path is $name appended to the "main/" directory. It is included
  * only when is_file() and \Security::check_abs_path() both accept it.
  *
  * @param string $name Path of the legacy script, relative to "main/"
  * @param Request $request Current request; its query and body values replace $_GET and $_POST
  * @return Response
  * @throws NotFoundHttpException When the path is not a file or fails the path check
  */
 public function classicAction($name, Request $request)
 {
     // Legacy scripts read the superglobals directly, so mirror the query string into $_GET ...
     $_GET = $request->query->all();
     // ... and the request body into $_POST.
     $_POST = $request->request->all();
     $rootDir = $this->get('kernel')->getRealRootDir();
     //$_REQUEST = $request->request->all();
     $mainPath = $rootDir . 'main/';
     // NOTE(review): $name presumably comes from the route, i.e. from the URL. The
     // is_file()/check_abs_path() test further down is the only thing that keeps the
     // include inside $mainPath; check_abs_path() is not shown here, so confirm that
     // it resolves "../" segments and symlinks before comparing.
     $fileToLoad = $mainPath . $name;
     // Setting legacy values inside the container
     /** @var Connection $dbConnection */
     $dbConnection = $this->container->get('database_connection');
     $em = $this->get('kernel')->getContainer()->get('doctrine.orm.entity_manager');
     $database = new \Database($dbConnection, array());
     $database->setConnection($dbConnection);
     $database->setManager($em);
     // Static holders through which legacy code reaches the container and the data directory.
     Container::$container = $this->container;
     Container::$dataDir = $this->container->get('kernel')->getDataDir();
     // NOTE(review): receives the same getDataDir() value as $dataDir above; confirm this is intended.
     Container::$courseDir = $this->container->get('kernel')->getDataDir();
     //Container::$configDir = $this->container->get('kernel')->getConfigDir();
     $this->container->get('twig')->addGlobal('api_get_cidreq', api_get_cidreq());
     //$breadcrumb = $this->container->get('chamilo_core.block.breadcrumb');
     if (is_file($fileToLoad) && \Security::check_abs_path($fileToLoad, $mainPath)) {
         // Files inside /main expect these variables to exist in the including scope.
         // They look unused here but are visible to the required file, so do not
         // rename or remove them.
         $is_allowed_in_course = api_is_allowed_in_course();
         $is_courseAdmin = api_is_course_admin();
         $is_platformAdmin = api_is_platform_admin();
         $toolNameFromFile = basename(dirname($fileToLoad));
         $charset = 'UTF-8';
         // Default values
         $_course = api_get_course_info();
         $_user = api_get_user_info();
         $debug = $this->container->get('kernel')->getEnvironment() == 'dev' ? true : false;
         // Run the legacy script and capture everything it prints instead of sending it directly.
         ob_start();
         require_once $fileToLoad;
         $out = ob_get_contents();
         ob_end_clean();
         // No browser cache when executing an exercise.
         // NOTE(review): $responseHeaders is assigned here but not passed to render()
         // below, so this header does not appear to reach the response; confirm.
         if ($name == 'exercice/exercise_submit.php') {
             $responseHeaders = array('cache-control' => 'no-store, no-cache, must-revalidate');
         }
         // $htmlHeadXtra, like $interbreadcrumb, may be defined by the required file.
         $js = isset($htmlHeadXtra) ? $htmlHeadXtra : array();
         // $interbreadcrumb is loaded in the require_once file.
         $interbreadcrumb = isset($interbreadcrumb) ? $interbreadcrumb : null;
         // The legacy script can pick another layout through Container::$legacyTemplate.
         $template = Container::$legacyTemplate;
         $defaultLayout = 'layout_one_col.html.twig';
         if (!empty($template)) {
             $defaultLayout = $template;
         }
         // 'content' carries the captured script output as-is.
         return $this->render('ChamiloCoreBundle::' . $defaultLayout, array('legacy_breadcrumb' => $interbreadcrumb, 'content' => $out, 'js' => $js));
     } else {
         // The file does not exist or lies outside the allowed directory.
         throw new NotFoundHttpException();
     }
 }
Ejemplo n.º 4
 /**
  * Handles default Chamilo scripts handled by Display::display_header() and display_footer()
  *
  * The script path is $file appended to the "main/" directory under
  * $app['paths']['sys_root']. It is included only when is_file() and
  * \Security::check_abs_path() both accept it; otherwise the request is
  * aborted with a 404.
  *
  * @param \Silex\Application $app
  * @param string $file Path of the legacy script, relative to "main/"
  *
  * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response|void
  */
 public function classicAction(Application $app, $file)
 {
     $responseHeaders = array();
     /** @var Request $request */
     $request = $app['request'];
     // Legacy scripts read the superglobals directly, so mirror the query string into $_GET ...
     $_GET = $request->query->all();
     // ... and the request body into $_POST.
     $_POST = $request->request->all();
     // echo $request->getMethod();
     //$_REQUEST = $request->request->all();
     $mainPath = $app['paths']['sys_root'] . 'main/';
     // NOTE(review): $file presumably comes from the route, i.e. from the URL. The
     // check on the next line is the only thing that keeps the include inside
     // $mainPath; check_abs_path() is not shown here, so confirm that it resolves
     // "../" segments and symlinks before comparing.
     $fileToLoad = $mainPath . $file;
     if (is_file($fileToLoad) && \Security::check_abs_path($fileToLoad, $mainPath)) {
         // Default values. These look unused here but are visible to the required
         // file, so do not rename or remove them.
         $_course = api_get_course_info();
         $_user = api_get_user_info();
         $charset = 'UTF-8';
         $debug = $app['debug'];
         $text_dir = api_get_text_direction();
         $is_platformAdmin = api_is_platform_admin();
         $_cid = api_get_course_id();
         // Run the legacy script and capture everything it prints.
         // The path expression is the same value as $fileToLoad, which was validated above.
         ob_start();
         require_once $mainPath . $file;
         $out = ob_get_contents();
         ob_end_clean();
         // No browser cache when executing an exercise.
         if ($file == 'exercice/exercise_submit.php') {
             $responseHeaders = array('cache-control' => 'no-store, no-cache, must-revalidate');
         }
         // Setting page header/footer conditions (important for LPs)
         $app['template']->setFooter($app['template.show_footer']);
         $app['template']->setHeader($app['template.show_header']);
         // $htmlHeadXtra, $interbreadcrumb and $tpl may be defined by the required file.
         if (isset($htmlHeadXtra)) {
             $app['template']->addJsFiles($htmlHeadXtra);
         }
         if (isset($interbreadcrumb)) {
             $app['template']->setBreadcrumb($interbreadcrumb);
             $app['template']->loadBreadcrumbToTemplate();
         }
         // Both branches render the same layout; the captured output is assigned
         // as 'content' only when the script did not define $tpl.
         if (isset($tpl)) {
             $response = $app['twig']->render($app['default_layout']);
         } else {
             $app['template']->assign('content', $out);
             $response = $app['twig']->render($app['default_layout']);
         }
     } else {
         // The file does not exist or lies outside the allowed directory.
         return $app->abort(404, 'File not found');
     }
     return new Response($response, 200, $responseHeaders);
 }
Ejemplo n.º 5
 /**
  * Render the system announcements slider for the current visitor.
  *
  * @param Application $app Application container; its 'template' service is used
  * @param mixed $id Passed unchanged to the announcements slider
  *
  * @return Response
  */
 public function indexAction(Application $app, $id)
 {
     // Only platform admins get the shortcut to the announcement editor.
     $editLink = null;
     if (api_is_platform_admin()) {
         $editUrl = api_get_path(WEB_PATH) . 'main/admin/system_announcements.php';
         $editIcon = \Display::return_icon('edit.png', get_lang('EditSystemAnnouncement'), array(), 32);
         $editLink = '<a href="' . $editUrl . '">' . $editIcon . '</a>';
     }

     // Choose the audience whose announcements are shown: guest, teacher or student.
     if (api_is_anonymous()) {
         $audience = \SystemAnnouncementManager::VISIBLE_GUEST;
     } elseif (api_is_allowed_to_create_course()) {
         $audience = \SystemAnnouncementManager::VISIBLE_TEACHER;
     } else {
         $audience = \SystemAnnouncementManager::VISIBLE_STUDENT;
     }

     $slider = \SystemAnnouncementManager::display_announcements_slider($audience, $id);
     $app['template']->assign('content', $slider);
     $app['template']->assign('actions', $editLink);

     return new Response($app['template']->renderLayout('layout_1_col.tpl'), 200, array());
 }
Ejemplo n.º 6
 /**
  * @inheritdoc
  *
  * Extends the default plugin list according to the platform settings, then
  * delegates to the parent constructor.
  */
 public function __construct($router, $toolbar = null, $config = array(), $prefix = null)
 {
     $extraPlugins = array();

     if (api_get_setting('document.show_glossary_in_documents') == 'ismanual') {
         $extraPlugins[] = 'glossary';
     }

     // YouTube embedding: for everyone when the setting is on, otherwise only
     // for users who may edit and for platform admins.
     if (api_get_setting('editor.youtube_for_students') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin()) {
         $extraPlugins[] = 'youtube';
     }

     // Setting name => plugin name, listed in the order the plugins are appended.
     $pluginBySetting = array(
         'editor.enabled_googlemaps' => 'leaflet',
         'editor.math_asciimathML' => 'asciimath',
         'editor.enabled_mathjax' => 'mathjax',
         'editor.enabled_asciisvg' => 'asciisvg',
         // Commercial plugin
         'editor.enabled_wiris' => 'ckeditor_wiris',
         'editor.enabled_imgmap' => 'mapping',
         'editor.more_buttons_maximized_mode' => 'toolbarswitch',
         'editor.allow_spellcheck' => 'scayt',
     );
     foreach ($pluginBySetting as $settingName => $pluginName) {
         if (api_get_setting($settingName) != 'true') {
             continue;
         }
         $extraPlugins[] = $pluginName;
         // MathJax additionally needs the location of its library.
         if ($pluginName === 'mathjax') {
             $config['mathJaxLib'] = api_get_path(WEB_PATH) . 'web/assets/MathJax/MathJax.js?config=AM_HTMLorMML';
         }
     }

     // The 'block_copy_paste_for_students' setting has no plugin yet.
     $this->defaultPlugins = array_merge($this->defaultPlugins, $extraPlugins);
     parent::__construct($router, $toolbar, $config, $prefix);
 }
Ejemplo n.º 7
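/**
 * Get course data to display
 *
 * Optional filters are read from $_GET: either 'keyword', or the group of
 * 'keyword_code', 'keyword_title', 'keyword_category', 'keyword_language',
 * 'keyword_visibility', 'keyword_subscribe' and 'keyword_unsubscribe'.
 *
 * @param int $from Offset of the first row
 * @param int $number_of_items Maximum number of rows
 * @param int $column Index of the sort column (col0 .. col9 of the query)
 * @param string $direction Sort direction; anything other than DESC sorts ascending
 *
 * @return array One numerically indexed row per course
 */
function get_course_data($from, $number_of_items, $column, $direction)
{
    // ORDER BY and LIMIT values are interpolated into the SQL text and cannot be
    // quoted, so they are forced into a safe shape first: plain integers and one
    // of two fixed keywords.
    $from = max(0, (int) $from);
    $number_of_items = max(0, (int) $number_of_items);
    $column = (int) $column;
    if ($column < 0 || $column > 9) {
        // The query only defines the aliases col0 .. col9.
        $column = 0;
    }
    $direction = strtoupper(trim((string) $direction)) === 'DESC' ? 'DESC' : 'ASC';

    $course_table = Database::get_main_table(TABLE_MAIN_COURSE);
    $sql = "SELECT  code AS col0,\n                    title AS col1,\n                    code AS col2,\n                    course_language AS col3,\n                    category_code AS col4,\n                    subscribe AS col5,\n                    unsubscribe AS col6,\n                    code AS col7,\n                    visibility AS col8,\n                    directory as col9,\n                    visual_code\n    \t\tFROM {$course_table}";

    // With multiple access URLs enabled, admins only see courses of the current URL.
    $filter_by_url = (api_is_platform_admin() || api_is_session_admin()) && api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1;
    if ($filter_by_url) {
        $access_url_rel_course_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
        $sql .= " INNER JOIN {$access_url_rel_course_table} url_rel_course ON (id = url_rel_course.c_id)";
    }

    if (isset($_GET['keyword'])) {
        // Simple search: one keyword matched against title, code and visual code.
        $keyword = Database::escape_string("%" . trim($_GET['keyword']) . "%");
        $sql .= " WHERE (\n            title LIKE '" . $keyword . "' OR\n            code LIKE '" . $keyword . "' OR\n            visual_code LIKE '" . $keyword . "'\n        )\n        ";
    } elseif (isset($_GET['keyword_code'])) {
        // Advanced search: a missing field is treated as an empty string instead
        // of raising an undefined-index notice.
        $search = array();
        foreach (array('keyword_code', 'keyword_title', 'keyword_category', 'keyword_language', 'keyword_visibility', 'keyword_subscribe', 'keyword_unsubscribe') as $field) {
            $search[$field] = isset($_GET[$field]) ? $_GET[$field] : '';
        }
        $keyword_code = Database::escape_string("%" . $search['keyword_code'] . "%");
        $keyword_title = Database::escape_string("%" . $search['keyword_title'] . "%");
        $keyword_category = Database::escape_string("%" . $search['keyword_category'] . "%");
        $keyword_language = Database::escape_string("%" . $search['keyword_language'] . "%");
        $keyword_visibility = Database::escape_string("%" . $search['keyword_visibility'] . "%");
        $keyword_subscribe = Database::escape_string($search['keyword_subscribe']);
        $keyword_unsubscribe = Database::escape_string($search['keyword_unsubscribe']);
        $sql .= " WHERE\n                (code LIKE '" . $keyword_code . "' OR visual_code LIKE '" . $keyword_code . "') AND\n                title LIKE '" . $keyword_title . "' AND\n                category_code LIKE '" . $keyword_category . "' AND\n                course_language LIKE '" . $keyword_language . "' AND\n                visibility LIKE '" . $keyword_visibility . "' AND\n                subscribe LIKE '" . $keyword_subscribe . "' AND\n                unsubscribe LIKE '" . $keyword_unsubscribe . "'";
    }

    // Restrict the result to the courses of the current access URL.
    if ($filter_by_url) {
        $sql .= " AND url_rel_course.access_url_id=" . (int) api_get_current_access_url_id();
    }
    $sql .= " ORDER BY col{$column} {$direction} ";
    $sql .= " LIMIT {$from}, {$number_of_items}";
    $res = Database::query($sql);

    $courses = array();
    $languages = api_get_languages_to_array();
    while ($course = Database::fetch_array($res)) {
        // Show the visual code as a label only when it differs from the course code.
        $show_visual_code = $course['visual_code'] != $course[2] ? Display::label($course['visual_code'], 'info') : null;
        // Place colour icons in front of courses.
        // NOTE(review): title and directory are placed into the HTML as stored;
        // confirm they are escaped or validated when a course is created or edited.
        $course[1] = get_course_visibility_icon($course[8]) . '<a href="' . api_get_path(WEB_COURSE_PATH) . $course[9] . '/index.php">' . $course[1] . '</a> ' . $show_visual_code;
        $course[5] = $course[5] == SUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
        $course[6] = $course[6] == UNSUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
        // Fall back to the raw language value when it has no entry in the list.
        $language = isset($languages[$course[3]]) ? $languages[$course[3]] : $course[3];
        $courses[] = array($course[0], $course[1], $course[2], $language, $course[4], $course[5], $course[6], $course[7]);
    }
    return $courses;
}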
Ejemplo n.º 8
 /**
  * Tell whether a user holds one of the member roles in a group.
  *
  * @param int $group_id
  * @param int $user_id Defaults to the current user when empty
  * @return bool Always true for platform admins
  */
 public function is_group_member($group_id, $user_id = 0)
 {
     // Platform admins are treated as members of every group.
     if (api_is_platform_admin()) {
         return true;
     }
     $memberId = empty($user_id) ? api_get_user_id() : $user_id;
     // Roles that count as membership.
     $memberRoles = array(
         GROUP_USER_PERMISSION_ADMIN,
         GROUP_USER_PERMISSION_MODERATOR,
         GROUP_USER_PERMISSION_READER,
         GROUP_USER_PERMISSION_HRM,
     );
     return in_array(self::get_user_group_role($memberId, $group_id), $memberRoles);
 }
Ejemplo n.º 9
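// Origin of the request; "myspace" changes the section highlighted below.
$from = isset($_GET['from']) ? $_GET['from'] : null;

// Starting the output buffering when we are exporting the information.
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv';
// A missing id_session used to raise an undefined-index notice before falling
// back to 0; the fallback is now explicit.
$session_id = isset($_REQUEST['id_session']) ? intval($_REQUEST['id_session']) : 0;

if ($from === 'myspace') {
    $from_myspace = true;
    $this_section = "session_my_space";
} else {
    $this_section = SECTION_COURSES;
}

// Access restrictions: any one of these roles is enough to see tracking data.
$is_allowedToTrack =
    api_is_platform_admin() ||
    api_is_allowed_to_create_course() ||
    api_is_session_admin() ||
    api_is_drh() ||
    api_is_course_tutor() ||
    api_is_course_admin();

if (!$is_allowedToTrack) {
    api_not_allowed(true);
    // Stop here even if api_not_allowed() should return.
    exit;
}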

// If the user is a HR director (drh)
if (api_is_drh()) {
    // Blocking course for drh
    if (api_drh_can_access_all_session_content()) {
Ejemplo n.º 10
 * @author Isaac Flores Paz <*****@*****.**>
 * @todo use Display::panel()
 * @package chamilo.social
 */
// Set before the global include; presumably asks the bootstrap to reset the
// course context (confirm in global.inc.php).
$cidReset = true;
require_once '../inc/global.inc.php';
// OpenGraph library include (the original comment marks it "NOT AVAILABLE").
require_once api_get_path(LIBRARY_PATH) . 'opengraph/OpenGraph.php';
// With the social tool disabled, send the visitor to the plain user page instead.
if (api_get_setting('allow_social_tool') != 'true') {
    // intval() reduces the request value to a number before it is placed in the
    // Location header. NOTE(review): $_GET['u'] is read here without an isset() check.
    $url = api_get_path(WEB_PATH) . 'whoisonline.php?id=' . intval($_GET['u']);
    header('Location: ' . $url);
    exit;
}
$user_id = api_get_user_id();
// Profile being viewed: the "u" parameter as an integer, else the current user.
$friendId = isset($_GET['u']) ? intval($_GET['u']) : api_get_user_id();
// NOTE(review): the first argument here is a user id. Confirm that
// api_is_platform_admin() expects a user id and not a boolean option flag,
// because a truthy flag could widen who is counted as an admin.
$isAdmin = api_is_platform_admin($user_id);
$userGroup = new UserGroup();
$show_full_profile = true;
// Social tab
$this_section = SECTION_SOCIAL;
// Initialize the content blocks as empty
$social_extra_info_block = null;
$social_course_block = null;
$social_group_info_block = null;
$social_rss_block = null;
$social_session_block = null;
if (!empty($_POST['social_wall_new_msg_main']) || !empty($_FILES['picture']['tmp_name'])) {
    $messageId = 0;
    $messageContent = $_POST['social_wall_new_msg_main'];
    if (!empty($_POST['url_content'])) {
        $messageContent = $_POST['social_wall_new_msg_main'] . '<br><br>' . $_POST['url_content'];
Ejemplo n.º 11
 /**
  * Remove the category identified by $this->id from the category tree.
  *
  * @todo I'm removing the $in_id parameter because it seems that you're using $this->id instead of $in_id after confirmation delete this
  * jmontoya
  *
  * @return bool False when the category does not exist or the caller is
  *              refused, true after the removal
  */
 public function removeCategory()
 {
     $category = Database::getManager()->find('Chamilo\\CoreBundle\\CQuizCategory', $this->id);
     if (!$category) {
         return false;
     }

     // A category without a course id is a global one.
     $courseId = $category->getCId();
     $isGlobal = empty($courseId);

     // Only admins can delete global categories.
     // NOTE(review): && binds tighter than ||, so the grouping below is what the
     // unparenthesised condition always meant: non-admins are refused on global
     // categories, and question managers are refused on every category. Confirm
     // that the second part is intended.
     if (($isGlobal && !api_is_platform_admin()) || api_is_question_manager()) {
         return false;
     }

     Database::getManager()
         ->getRepository('ChamiloCoreBundle:CQuizCategory')
         ->removeFromTree($category);
     // Clear the nodes cached by the entity manager.
     Database::getManager()->clear();

     return true;
 }
Ejemplo n.º 12
    /**
     * Assign the footer variables to the template: administrator contact,
     * extra footer content, session coaches and course teachers. Each one is
     * assigned only when its platform setting enables it.
     */
    private function set_footer_parameters()
    {
        global $_configuration;

        // Administrator contact line
        if (api_get_setting('show_administrator_data') == 'true') {
            $managerLabel = get_lang('Manager');
            $adminEmail = api_get_setting('emailAdministrator');
            $adminName = api_get_person_name(
                api_get_setting('administratorName'),
                api_get_setting('administratorSurname')
            );
            $this->assign(
                'administrator_name',
                $managerLabel.' : '.Display::encrypted_mailto_link($adminEmail, $adminName)
            );
        }

        // Extra footer content, not shown to platform admins.
        // The setting value is handed to the template as stored.
        if (!api_is_platform_admin()) {
            $extraFooter = trim(api_get_setting('footer_extra_content'));
            if (!empty($extraFooter)) {
                $this->assign('footer_extra_content', $extraFooter);
            }
        }

        // Session coaches
        if (api_get_setting('show_tutor_data') == 'true') {
            $courseId = api_get_course_id();
            $sessionId = api_get_session_id();
            if (isset($courseId) && $courseId != -1) {
                $coachLine = '';
                if ($sessionId != 0) {
                    $coaches = CourseManager::get_email_of_tutor_to_session($sessionId, $courseId);
                    $coachLinks = array();
                    foreach ($coaches as $coach) {
                        $coachLinks[] = Display::encrypted_mailto_link($coach['email'], $coach['complete_name']);
                    }
                    // Plural label for several coaches, singular for one, nothing for none.
                    $coachCount = count($coaches);
                    if ($coachCount >= 1) {
                        $coachLabel = $coachCount > 1 ? get_lang('Coachs') : get_lang('Coach');
                        $coachLine .= $coachLabel.' : ';
                        $coachLine .= array_to_string($coachLinks, CourseManager::USER_SEPARATOR);
                    }
                }
                $this->assign('session_teachers', $coachLine);
            }
        }

        // Course teachers
        if (api_get_setting('show_teacher_data') == 'true') {
            $courseId = api_get_course_id();
            if (isset($courseId) && $courseId != -1) {
                $teacherLine = '';
                $teacherMails = CourseManager::get_emails_of_tutors_to_course($courseId);
                if (!empty($teacherMails)) {
                    $teacherLinks = array();
                    foreach ($teacherMails as $entry) {
                        foreach ($entry as $email => $name) {
                            $teacherLinks[] = Display::encrypted_mailto_link($email, $name);
                        }
                    }
                    $teacherLabel = count($teacherMails) > 1 ? get_lang('Teachers') : get_lang('Teacher');
                    $teacherLine .= $teacherLabel.' : '.array_to_string($teacherLinks, CourseManager::USER_SEPARATOR);
                }
                $this->assign('teachers', $teacherLine);
            }
        }
    }
Ejemplo n.º 13
/**
 * Build the modify-column of the table
 *
 * @param int $user_id Ignored: immediately replaced by $data[0]
 * @param mixed $row Not used by this function
 * @param array $data Row data; index 0 (user id), 'is_tutor' and 'user_status_in_course' are read
 * @return string Some HTML-code
 */
function modify_filter($user_id, $row, $data)
{
    global $is_allowed_to_track, $charset;

    // The id used in every link comes from the row data, not from the first argument.
    $user_id = $data[0];
    $courseInfo = api_get_course_info();
    $viewerId = api_get_user_id();
    $sessionId = api_get_session_id();
    $type = isset($_REQUEST['type']) ? intval($_REQUEST['type']) : STUDENT;

    // The "unregister" button is identical in both places that show it, so it is
    // built in one place and only when a branch actually needs it.
    $unregisterButton = function () use ($type, $user_id, $charset) {
        return '<a class="btn btn-small btn-danger" href="' . api_get_self() . '?' . api_get_cidreq() . '&type=' . $type . '&unregister=yes&user_id=' . $user_id . '" title="' . get_lang('Unreg') . ' " onclick="javascript:if(!confirm(\'' . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES, $charset)) . '\')) return false;">' . get_lang('Unreg') . '</a>&nbsp;';
    };

    $html = "";

    // Link to the tracking page of this user
    if ($is_allowed_to_track) {
        $html .= '<a href="../mySpace/myStudents.php?' . api_get_cidreq() . '&student=' . $user_id . '&details=true&course=' . $courseInfo['id'] . '&origin=user_course&id_session=' . api_get_session_id() . '" title="' . get_lang('Tracking') . '"  >
            <img border="0" alt="' . get_lang('Tracking') . '" src="../img/icons/22/stats.png" />
        </a>';
    }

    // Platform admins get the login_as icon, which shortens the time support
    // needs to test things out.
    // NOTE(review): the session's sec_token travels in the query string of this
    // link, where it can end up in logs and referrer headers; confirm this is acceptable.
    if (api_is_platform_admin()) {
        $html .= ' <a href="' . api_get_path(WEB_CODE_PATH) . 'admin/user_list.php?action=login_as&user_id=' . $user_id . '&sec_token=' . $_SESSION['sec_token'] . '">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a>&nbsp;&nbsp;';
    }

    if (!api_is_allowed_to_edit(null, true)) {
        // Users without edit rights only get an unsubscribe button for
        // themselves, and only when the course allows unsubscribing.
        if ($courseInfo['unsubscribe'] == 1 && $user_id == $viewerId) {
            $html .= $unregisterButton();
        }
        return $html;
    }

    // Tutor toggle, outside sessions only
    if (empty($sessionId)) {
        $currentTutorFlag = isset($data['is_tutor']) ? intval($data['is_tutor']) : 0;
        // The link carries the value to switch to, i.e. the opposite of the current one.
        $targetTutorFlag = empty($currentTutorFlag) ? 1 : 0;
        $toggleLabel = $targetTutorFlag ? get_lang('SetTutor') : get_lang('RemoveTutorStatus');
        if ($data['user_status_in_course'] == STUDENT) {
            $html .= Display::url($toggleLabel, 'user.php?' . api_get_cidreq() . '&action=set_tutor&is_tutor=' . $targetTutorFlag . '&user_id=' . $user_id . '&type=' . $type, array('class' => 'btn btn-default ')) . '&nbsp;';
        }
    }

    // Unregister: allowed by the platform setting or for platform admins, and
    // never for one's own row unless the viewer is a platform admin.
    if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true' || api_is_platform_admin()) {
        if ($user_id != $viewerId || api_is_platform_admin()) {
            $html .= $unregisterButton();
        }
    }

    return $html;
}
Ejemplo n.º 14
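// TODO: this validation could live in a function of the group portal manager.
// Access check: the group must exist, and a closed group is visible to members only.
if (empty($group_id)) {
    api_not_allowed(true);
} else {
    $group_info = $usergroup->get($group_id);
    if (empty($group_info)) {
        api_not_allowed(true);
    }
    $is_member = $usergroup->is_group_member($group_id);
    if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) {
        api_not_allowed(true);
    }
}
// Topic deletion: platform admins, group admins and group moderators only.
// NOTE(review): the action is read from $_REQUEST, so a plain GET link can
// trigger it, and no anti-CSRF token check is visible in this fragment; confirm
// one is enforced elsewhere. $topic_id is defined outside this fragment.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
    $group_role = $usergroup->get_user_group_role(api_get_user_id(), $group_id);
    if (api_is_platform_admin() || in_array($group_role, array(GROUP_USER_PERMISSION_ADMIN, GROUP_USER_PERMISSION_MODERATOR))) {
        $usergroup->delete_topic($group_id, $topic_id);
        // The class name was spelled "DIsplay"; PHP resolves class names
        // case-insensitively, but the canonical spelling is used everywhere else.
        Display::addFlash(Display::return_message(get_lang('Deleted')));
        header("Location: group_view.php?id={$group_id}");
        exit;
    }
}
$content = null;
$social_right_content = '';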
if (isset($_POST['action'])) {
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    $content = $_POST['content'];
    $group_id = intval($_POST['group_id']);
    $parent_id = intval($_POST['parent_id']);
    if ($_POST['action'] == 'reply_message_group') {
        $title = cut($content, 50);
Ejemplo n.º 15
 /**
  * Tell whether a user may browse a group.
  *
  * Checks run in this order: platform admin, edit rights, tutor of the
  * group, group status, access to any group tool, coach of the session.
  *
  * @param int $userId
  * @param array $groupInfo Group data; reads 'id', 'status' and 'session_id'
  * @param int $sessionId
  *
  * @return bool
  */
 public static function userHasAccessToBrowse($userId, $groupInfo, $sessionId = 0)
 {
     if (empty($groupInfo)) {
         return false;
     }
     // Platform admins and users with edit rights can always browse.
     if (api_is_platform_admin() || api_is_allowed_to_edit(false, true)) {
         return true;
     }

     $groupId = $groupInfo['id'];
     if (in_array($userId, self::get_subscribed_tutors($groupId, true))) {
         return true;
     }

     // A group with status 0 is closed to everyone who did not pass the checks above.
     if ($groupInfo['status'] == 0) {
         return false;
     }

     // Access to any single group tool is enough.
     $groupTools = array(
         self::GROUP_TOOL_FORUM,
         self::GROUP_TOOL_DOCUMENTS,
         self::GROUP_TOOL_CALENDAR,
         self::GROUP_TOOL_ANNOUNCEMENT,
         self::GROUP_TOOL_WORK,
         self::GROUP_TOOL_WIKI,
         self::GROUP_TOOL_CHAT,
     );
     foreach ($groupTools as $tool) {
         if (self::user_has_access($userId, $groupId, $tool)) {
             return true;
         }
     }

     // Last chance: a course coach whose session matches the group's session.
     return api_is_course_coach() && $groupInfo['session_id'] == $sessionId;
 }
Ejemplo n.º 16
 /**
  * Checks whether the current user counts as a teacher in the current course.
  *
  * Course admins, coaches and platform admins all qualify.
  *
  * @return bool True if the user can be considered a teacher in this course, false otherwise
  */
 public function isTeacher()
 {
     if (api_is_course_admin()) {
         return true;
     }
     if (api_is_coach()) {
         return true;
     }
     return (bool) api_is_platform_admin();
 }
Ejemplo n.º 17
 /**
  * Let platform admins through; for everyone else, call api_not_allowed()
  * when the item is locked.
  *
  * @return bool|null True for platform admins; no value (null) is returned
  *                   on the other paths, so callers should not test the
  *                   result for truthiness.
  */
 function check_lock_permissions()
 {
     // Platform admins bypass the lock.
     if (api_is_platform_admin()) {
         return true;
     }
     if ($this->is_locked()) {
         api_not_allowed();
     }
 }
Ejemplo n.º 18
        Database::query($sql);
        if ($origin == 'tracking_course') {
            //Redirect to the course detail in lp
            header('location: exercise.php?course=' . Security::remove_XSS($_GET['course']));
            exit;
        } else {
            //Redirect to the reporting
            header('location: ../mySpace/myStudents.php?origin=' . $origin . '&student=' . $student_id . '&details=true&course=' . $course_id . '&session_id=' . $session_id);
            exit;
        }
    }
}
// Toolbar HTML; starts as null and is extended with .= below.
$actions = null;
if ($is_allowedToEdit && $origin != 'learnpath') {
    // Full toolbar, shown to platform admins, course admins, tutors and coaches only.
    if (api_is_platform_admin() || api_is_course_admin() || api_is_course_tutor() || api_is_course_coach()) {
        // intval() reduces the request value to a number before it is placed in the link.
        $actions .= '<a href="admin.php?exerciseId=' . intval($_GET['exerciseId']) . '">' . Display::return_icon('back.png', get_lang('GoBackToQuestionList'), '', ICON_SIZE_MEDIUM) . '</a>';
        // NOTE(review): $exercise_id is defined outside this fragment; confirm it
        // is reduced to an integer like the value in the link above.
        $actions .= '<a href="live_stats.php?' . api_get_cidreq() . '&exerciseId=' . $exercise_id . '">' . Display::return_icon('activity_monitor.png', get_lang('LiveResults'), '', ICON_SIZE_MEDIUM) . '</a>';
        $actions .= '<a href="stats.php?' . api_get_cidreq() . '&exerciseId=' . $exercise_id . '">' . Display::return_icon('statistics.png', get_lang('ReportByQuestion'), '', ICON_SIZE_MEDIUM) . '</a>';
        $actions .= '<a id="export_opener" href="' . api_get_self() . '?export_report=1&exerciseId=' . intval($_GET['exerciseId']) . '" >' . Display::return_icon('save.png', get_lang('Export'), '', ICON_SIZE_MEDIUM) . '</a>';
        // Icon that opens the "clean results before a selected date" picker
        $actions .= Display::url(Display::return_icon('clean_before_date.png', get_lang('CleanStudentsResultsBeforeDate'), '', ICON_SIZE_MEDIUM), '#', array('onclick' => "javascript:display_date_picker()"));
        // Hidden date picker popup with its delete button
        $actions .= Display::span(Display::input('input', 'datepicker_start', get_lang('SelectADateOnTheCalendar'), array('onmouseover' => 'datepicker_input_mouseover()', 'id' => 'datepicker_start', 'onchange' => 'datepicker_input_changed()', 'readonly' => 'readonly')) . Display::button('delete', get_lang('Delete'), array('onclick' => 'submit_datepicker()')), array('style' => 'display:none', 'id' => 'datepicker_span'));
    }
} else {
    // Without edit rights, or when coming from a learning path, only a "back" link is shown.
    $actions .= '<a href="exercise.php">' . Display::return_icon('back.png', get_lang('GoBackToQuestionList'), '', ICON_SIZE_MEDIUM) . '</a>';
}
//Deleting an attempt
if (($is_allowedToEdit || $is_tutor || api_is_coach()) && isset($_GET['delete']) && $_GET['delete'] == 'delete' && !empty($_GET['did']) && $locked == false) {
    $exe_id = intval($_GET['did']);
Ejemplo n.º 19
}
// When loading a chamilo page do not include the hot courses and news
if (!isset($_REQUEST['include'])) {
    if (api_get_setting('show_hot_courses') == 'true') {
        $hot_courses = $controller->return_hot_courses();
    }
    $announcements_block = $controller->return_announcements();
}
$controller->tpl->assign('hot_courses', $hot_courses);
$controller->tpl->assign('announcements_block', $announcements_block);
$controller->tpl->assign('home_page_block', $controller->return_home_page());
$controller->tpl->assign('navigation_course_links', $controller->return_navigation_links());
$controller->tpl->assign('notice_block', $controller->return_notice());
$controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
$controller->tpl->assign('help_block', $controller->return_help());
if (api_is_platform_admin() || api_is_drh()) {
    $controller->tpl->assign('skills_block', $controller->return_skills_links());
}
if (api_is_anonymous()) {
    $controller->tpl->setLoginBodyClass();
}
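// direct login to course
// Stores the requested first page and, for a user who is already logged in, emits a
// client-side redirect to index.php carrying the same parameter. Without the
// parameter any stored first-page value is deleted.
if (isset($_GET['firstpage'])) {
    api_set_firstpage_parameter($_GET['firstpage']);
    // if we are already logged, go directly to course
    if (api_user_is_login()) {
        // The request value is written into a JavaScript string literal inside a
        // <script> element, as a URL query value. Security::remove_XSS() is kept, but
        // its output is not known here to be safe in that context, so the value is
        // also URL-encoded and the whole URL is serialised with json_encode(). The
        // JSON_HEX_* flags keep quotes, '<', '>' and '&' out of the emitted literal.
        echo "<script type='text/javascript'>self.location.href=" . json_encode('index.php?firstpage=' . urlencode((string) Security::remove_XSS($_GET['firstpage'])), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . "</script>";
    }
} else {
    api_delete_firstpage_parameter();
}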
 /**
  * Deletes the quiz category identified by $this->id from the category tree.
  *
  * Returns false when the category is not found or when the permission check below
  * refuses the request. Returns true once the node has been removed from the tree and
  * the entity manager has been cleared.
  *
  * NOTE(review): the earlier description said the category is removed only if no
  * question uses it. No such check is visible in this method — confirm whether
  * removeFromTree() enforces it.
  *
  * @todo I'm removing the $in_id parameter because it seems that you're using $this->id instead of $in_id after confirmation delete this
  * jmontoya
  *
  * @return bool
  */
 public function removeCategory()
 {
     global $app;
     $category = $app['orm.ems']['db_write']->find('\\Entity\\CQuizCategory', $this->id);
     if (!$category) {
         return false;
     }
     // A category with an empty course id is treated as a global category.
     $courseId = $category->getCId();
     $isGlobalCategory = empty($courseId);
     // Only admins can delete global categories.
     // NOTE(review): `&&` binds tighter than `||`, so the test below (unchanged, only
     // parenthesised) refuses every caller for whom api_is_question_manager() is true,
     // for global and course categories alike. No other permission check is visible
     // in this method for course-level categories. Confirm whether the intended rule
     // was: empty($courseId) && !(api_is_platform_admin() || api_is_question_manager()).
     $refused = ($isGlobalCategory && !api_is_platform_admin()) || api_is_question_manager();
     if ($refused) {
         return false;
     }
     $app['orm.ems']['db_write']->getRepository('Entity\\CQuizCategory')->removeFromTree($category);
     // clear cached nodes
     $app['orm.ems']['db_write']->clear();
     return true;
 }
Ejemplo n.º 21
        while ($infos = Database::fetch_array($rs)) {
            $arr_infos[] = $infos['user_id'];
        }
    }
}
// Builds the list of selectable coaches and prints the page header.
// The ORDER BY clause is one of two fixed strings; no request value is part of it.
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
// Both queries select users with status '1' and active = 1. The values interpolated
// into the SQL are table names and the access-URL id returned by
// api_get_current_access_url_id(); no request parameter appears in the visible SQL.
if (api_is_multiple_url_enabled()) {
    $tbl_access_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
    $access_url_id = api_get_current_access_url_id();
    $sql = "SELECT u.user_id,lastname,firstname,username\n            FROM {$tbl_user} u\n            LEFT JOIN {$tbl_access_rel_user}  a\n            ON(u.user_id= a.user_id)\n            WHERE\n                status='1' AND\n                active = 1 AND\n                access_url_id = {$access_url_id} " . $order_clause;
} else {
    $sql = "SELECT user_id,lastname,firstname,username\n            FROM {$tbl_user}\n            WHERE\n                status = '1' AND\n                active = 1 " . $order_clause;
}
$result = Database::query($sql);
$coaches = Database::store_result($result);
// A teacher who is not a platform admin gets a list holding only their own record.
// NOTE(review): this narrows the list that is displayed; whether the code handling the
// submitted form re-checks the chosen coach cannot be seen from here — verify.
if (!api_is_platform_admin() && api_is_teacher()) {
    $userInfo = api_get_user_info();
    $coaches = [$userInfo];
}
// NOTE(review): $tool_name is passed to display_header() before it is assigned on the
// next line, so the header uses whatever value it held earlier (outside this excerpt).
Display::display_header($tool_name);
$tool_name = get_lang('ModifySessionCourse');
api_display_tool_title($tool_name);
?>
<div class="session-course-edit">

<form method="post" action="<?php 
echo api_get_self();
?>
?id_session=<?php 
echo $id_session;
?>
Ejemplo n.º 22
    if (empty($group_info)) {
        api_not_allowed(true);
    }
    $is_member = GroupPortalManager::is_group_member($group_id);
    if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) {
        api_not_allowed(true);
    }
}

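// Deletes a topic when action=delete is requested and the caller is a platform admin
// or holds the admin or moderator role in the group, then redirects to the group page.
// NOTE(review): this state-changing branch is reachable through $_REQUEST (so also
// through a plain GET link) and, unlike the message-saving branch after it in this
// file, does not compare a request token with $_SESSION['sec_token']. Requiring the
// token here would also need it added to the links that trigger the deletion, which
// are not visible from this excerpt.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
    $group_role = GroupPortalManager::get_user_group_role(
        api_get_user_id(),
        $group_id
    );

    if (api_is_platform_admin() || in_array(
            $group_role,
            array(GROUP_USER_PERMISSION_ADMIN, GROUP_USER_PERMISSION_MODERATOR)
        )
    ) {
        GroupPortalManager::delete_topic($group_id, $topic_id);
        header(
            "Location: groups.php?id=$group_id&action=show_message&msg=topic_deleted"
        );
        // A Location header does not end the script. Stop here so the rest of the page
        // is not executed for the topic that was just deleted.
        exit;
    }
}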

// save message group
if (isset($_POST['token']) && $_POST['token'] === $_SESSION['sec_token']) {

    if (isset($_POST['action'])) {
 */
// Taken from the request as is; nothing in this excerpt validates it.
$pathopen = isset($_REQUEST['pathopen']) ? $_REQUEST['pathopen'] : null;
// Including the global initialization file
require_once '../inc/global.inc.php';
$current_course_tool = TOOL_TRACKING;
$course_info = api_get_course_info();
// The "from" parameter only selects which section is marked as current.
$from = isset($_GET['from']) ? $_GET['from'] : null;
$from_myspace = $from == 'myspace';
if ($from_myspace) {
    $this_section = "session_my_space";
} else {
    $this_section = SECTION_COURSES;
}
// Access restrictions.
// Any one of these role checks is enough; everyone else is stopped here.
$is_allowedToTrack = api_is_platform_admin() || api_is_allowed_to_create_course() || api_is_session_admin() || api_is_drh() || api_is_course_tutor();
if (!$is_allowedToTrack) {
    api_not_allowed();
    exit;
}
// Including additional libraries.
require_once api_get_path(SYS_CODE_PATH) . 'resourcelinker/resourcelinker.inc.php';
// Starting the output buffering when we are exporting the information.
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv';
// NOTE(review): $_REQUEST['id_session'] is read without an isset() check.
$session_id = intval($_REQUEST['id_session']);
if ($export_csv) {
    ob_start();
}
// Fall back to the current session when the request gave no usable id.
if (empty($session_id)) {
    $session_id = api_get_session_id();
}
Ejemplo n.º 24
$this_section = SECTION_TRACKING;
// Anonymous visitors are blocked before anything is printed.
api_block_anonymous_users();
$htmlHeadXtra[] = api_get_jqgrid_js();
$interbreadcrumb[] = array("url" => "index.php", "name" => get_lang('MySpace'));
Display::display_header(get_lang('Sessions'));
// CSV export is requested with export=csv.
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv';
/*	MAIN CODE */
// Use the coach id from the request when one is given, otherwise the current user.
// NOTE(review): the id is cast to an integer, but these lines do not check whether
// the current user may view another coach's sessions — verify where $id_coach is used.
$id_coach = (isset($_GET['id_coach']) && $_GET['id_coach'] != '') ? intval($_GET['id_coach']) : api_get_user_id();
if (api_is_drh() || api_is_session_admin() || api_is_platform_admin()) {
    $a_sessions = SessionManager::get_sessions_followed_by_drh(api_get_user_id());
    if (!api_is_session_admin()) {
        $menu_items[] = Display::url(Display::return_icon('stats.png', get_lang('MyStats'), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . "auth/my_progress.php");
        $menu_items[] = Display::url(Display::return_icon('user.png', get_lang('Students'), array(), ICON_SIZE_MEDIUM), "index.php?view=drh_students&amp;display=yourstudents");
        $menu_items[] = Display::url(Display::return_icon('teacher.png', get_lang('Trainers'), array(), ICON_SIZE_MEDIUM), 'teachers.php');
        $menu_items[] = Display::url(Display::return_icon('course.png', get_lang('Courses'), array(), ICON_SIZE_MEDIUM), 'course.php');
        $menu_items[] = Display::url(Display::return_icon('session_na.png', get_lang('Sessions'), array(), ICON_SIZE_MEDIUM), '#');
    }
    $actionsLeft = '';
    $nb_menu_items = count($menu_items);
    if ($nb_menu_items > 1) {
        foreach ($menu_items as $key => $item) {
            $actionsLeft .= $item;
        }
    }
Ejemplo n.º 25
<?php

/* See license terms in /license.txt */
//require_once '../../main/inc/global.inc.php';
//Add the JS needed to use the jqgrid
$htmlHeadXtra[] = api_get_jqgrid_js();
// Access check: only callers for whom api_is_platform_admin() or api_is_drh() is true
// get past this point.
$allowed = api_is_platform_admin() || api_is_drh();
if (!$allowed) {
    api_not_allowed(true);
}
Display::display_header();
//jqgrid will use this URL to do the selects
// NOTE(review): the rows come from model.ajax.php. Whether that endpoint repeats the
// role check made above cannot be seen from this file — verify.
$url = api_get_path(WEB_AJAX_PATH) . 'model.ajax.php?a=get_user_list_plugin_widescale';
//The order is important you need to check the the $column variable in the model.ajax.php file
// NOTE(review): the grid has a 'Password' column backed by the 'exam_password' field,
// so a password value appears to be sent to the browser in readable form — confirm
// this is intended and limited to the roles checked above.
$columns = array(get_lang('Username'), get_lang('Firstname'), get_lang('Lastname'), get_lang('Password'));
//Column config
$column_model = array(array('name' => 'username', 'index' => 'username', 'width' => '100', 'align' => 'left'), array('name' => 'firstname', 'index' => 'firstname', 'width' => '100', 'align' => 'left'), array('name' => 'lastname', 'index' => 'lastname', 'width' => '100', 'align' => 'left'), array('name' => 'exam_password', 'index' => 'exam_password', 'width' => '100', 'align' => 'left', 'sortable' => 'false'));
//Autowidth
$extra_params['autowidth'] = 'true';
//height auto
$extra_params['height'] = 'auto';
//With this function we can add actions to the jgrid (edit, delete, etc)
/*
$action_links = 'function action_formatter(cellvalue, options, rowObject) {
     return \'<a href="?action=edit&id=\'+options.rowId+\'">'.Display::return_icon('edit.png',get_lang('Edit'),'',ICON_SIZE_SMALL).'</a>'.
     '&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES))."\'".')) return false;"  href="?sec_token='.$token.'&action=copy&id=\'+options.rowId+\'">'.Display::return_icon('copy.png',get_lang('Copy'),'',ICON_SIZE_SMALL).'</a>'.
     '&nbsp;<a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES))."\'".')) return false;"  href="?sec_token='.$token.'&action=delete&id=\'+options.rowId+\'">'.Display::return_icon('delete.png',get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>'.
     '\';
 }';*/
// No per-row actions are defined for the grid.
$action_links = null;
// Value of the 'exam_room' extra field for the current user.
$room = UserManager::get_extra_user_data_by_field(api_get_user_id(), 'exam_room');
$current_user_id = api_get_user_id();
// setting the name of the tool
// The title depends on the target user: a platform admin, a session admin, or
// (any other status) a human resources manager.
if (UserManager::is_admin($user_id)) {
    $tool_name = get_lang('AssignSessionsToPlatformAdministrator');
} elseif ($user_info['status'] == SESSIONADMIN) {
    $tool_name = get_lang('AssignSessionsToSessionsAdministrator');
} else {
    $tool_name = get_lang('AssignSessionsToHumanResourcesManager');
}
$add_type = 'multiple';
// NOTE(review): the presence test reads $_GET but the value is taken from $_REQUEST,
// so the value that is used may come from a different request source than the one
// that was checked — confirm which source is intended.
if (isset($_GET['add_type']) && $_GET['add_type'] != '') {
    $add_type = Security::remove_XSS($_REQUEST['add_type']);
}
// Access check: platform admins and session admins only.
// NOTE(review): this runs after the statements above have already executed.
if (!(api_is_platform_admin() || api_is_session_admin())) {
    api_not_allowed(true);
}
function search_sessions($needle, $type)
{
    global $_configuration, $tbl_session_rel_access_url, $tbl_session, $user_id;
    $xajax_response = new XajaxResponse();
    $return = '';
    if (!empty($needle) && !empty($type)) {
        // xajax send utf8 datas... datas in db can be non-utf8 datas
        $charset = api_get_system_encoding();
        $needle = api_convert_encoding($needle, $charset, 'utf-8');
        $assigned_sessions_to_hrm = SessionManager::get_sessions_followed_by_drh($user_id);
        $assigned_sessions_id = array_keys($assigned_sessions_to_hrm);
        $without_assigned_sessions = '';
        if (count($assigned_sessions_id) > 0) {
Ejemplo n.º 27
    $defaults['activate_start_date_check'] = 1;
}
// Publication-date picker, wrapped in a div whose visibility follows $display_date.
$form->addElement('html', '<div id="start_date_div" style="display:' . $display_date . ';">');
// NOTE(review): this picker names the form 'form1' while the expiry picker below
// names it 'exercise_admin' — confirm which name the form actually carries.
$form->addElement('datepicker', 'publicated_on', get_lang('PublicationDate'), array('form_name' => 'form1'), 5);
$form->addElement('html', '</div>');
//End date
$form->addElement('checkbox', 'activate_end_date_check', null, get_lang('EnableEndTime'), array('onclick' => 'activate_end_date()'));
// The expiry picker is shown only when an expiry date is set (non-empty and not the
// zero date).
$display_date = 'none';
if ($expired_on != '0000-00-00 00:00:00' && !empty($expired_on)) {
    $display_date = 'block';
    $defaults['activate_end_date_check'] = 1;
}
$form->addElement('html', '<div id="end_date_div" style="display:' . $display_date . ';">');
$form->addElement('datepicker', 'expired_on', get_lang('ExpirationDate'), array('form_name' => 'exercise_admin'), 5);
$form->addElement('html', '</div>');
// The "use max score" checkbox is added to the form for platform admins only.
// NOTE(review): this hides the field; whether the code that saves the form also
// ignores a submitted 'use_max_score' from other users is not visible here — verify.
if (api_is_platform_admin()) {
    $form->addElement('checkbox', 'use_max_score', null, get_lang('UseMaxScore100'));
    $defaults['use_max_score'] = $_SESSION['oLP']->use_max_score;
}
$form->addElement('checkbox', 'subscribe_users', null, get_lang('SubscribeUsersToLP'));
// Extra fields declared for the 'lp' type, attached to the learning path held in the session.
$extraField = new ExtraField('lp');
$extra = $extraField->addElements($form, $_SESSION['oLP']->get_id());
$htmlHeadXtra[] = '<script src="' . api_get_path(WEB_LIBRARY_PATH) . 'javascript/tag/jquery.fcbkcomplete.js" type="text/javascript" language="javascript"></script>';
$htmlHeadXtra[] = '<link  href="' . api_get_path(WEB_LIBRARY_PATH) . 'javascript/tag/style.css" rel="stylesheet" type="text/css" />';
// $extra['jquery_ready_content'] is placed unescaped inside a <script> element.
// NOTE(review): presumably it is JavaScript generated by ExtraField::addElements();
// confirm that no user-editable text reaches it without encoding.
$htmlHeadXtra[] = '<script>
$(function() {
    ' . $extra['jquery_ready_content'] . '
});
</script>';
//Submit button
$form->addElement('style_submit_button', 'Submit', get_lang('SaveLPSettings'), 'class="save"');
Ejemplo n.º 28
     echo '';
     break;
 }
 // Table names and request context for the user search queries built below.
 $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
 // $tbl_my_user and $tbl_user both resolve TABLE_MAIN_USER.
 $tbl_my_user = Database::get_main_table(TABLE_MAIN_USER);
 $tbl_my_user_friend = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
 $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
 $tbl_access_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
 // The search term comes straight from the request ($_REQUEST['q'], read without an
 // isset() check) and is passed through Database::escape_string() before use.
 $search = Database::escape_string($_REQUEST['q']);
 $access_url_id = api_get_multiple_access_url() == 'true' ? api_get_current_access_url_id() : 1;
 $user_id = api_get_user_id();
 $is_western_name_order = api_is_western_name_order();
 // $search is interpolated between quotes into three LIKE patterns, so every query
 // that appends $likeCondition relies on the escaping above.
 // NOTE(review): presumably `%` and `_` in the term still act as LIKE wildcards —
 // confirm what escape_string() covers. Binding the term as a query parameter would
 // remove the dependency on string escaping.
 $likeCondition = " AND (firstname LIKE '%{$search}%' OR lastname LIKE '%{$search}%' OR email LIKE '%{$search}%') ";
 if (api_get_setting('social.allow_social_tool') == 'true' && api_get_setting('message.allow_message_tool') == 'true') {
     // All users
     if (api_get_setting('message.allow_send_message_to_all_platform_users') == 'true' || api_is_platform_admin()) {
         if ($access_url_id != 0) {
             $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n                            FROM {$tbl_user} u LEFT JOIN {$tbl_access_url_rel_user} r ON u.user_id = r.user_id\n                            WHERE\n                                u.status <> 6  AND\n                                u.user_id <> {$user_id} AND\n                                r.access_url_id = {$access_url_id}\n                                {$likeCondition} ";
         } else {
             $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n                            FROM {$tbl_user} u\n                            WHERE\n                                u.status <> 6  AND\n                                u.user_id <> {$user_id}\n                                {$likeCondition} ";
         }
     } else {
         //only my contacts
         if ($access_url_id != 0) {
             $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n                            FROM {$tbl_access_url_rel_user} r, {$tbl_my_user_friend} uf\n                            INNER JOIN {$tbl_my_user} AS u\n                            ON uf.friend_user_id = u.user_id\n                            WHERE\n                                u.status <> 6 AND\n                                relation_type NOT IN(" . USER_RELATION_TYPE_DELETED . ", " . USER_RELATION_TYPE_RRHH . ") AND\n                                uf.user_id = {$user_id} AND\n                                friend_user_id <> {$user_id} AND\n                                u.user_id = r.user_id AND\n                                r.access_url_id = {$access_url_id}\n                                {$likeCondition}";
         } else {
             $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n                            FROM {$tbl_my_user_friend} uf\n                            INNER JOIN {$tbl_my_user} AS u\n                            ON uf.friend_user_id = u.user_id\n         \t                WHERE\n                                u.status <> 6 AND\n                                relation_type NOT IN(" . USER_RELATION_TYPE_DELETED . ", " . USER_RELATION_TYPE_RRHH . ") AND\n                                uf.user_id = {$user_id} AND\n                                friend_user_id <> {$user_id}\n                                {$likeCondition}";
         }
     }
 } elseif (api_get_setting('social.allow_social_tool') == 'false' && api_get_setting('message.allow_message_tool') == 'true') {
     if (api_get_setting('message.allow_send_message_to_all_platform_users') == 'true') {
Ejemplo n.º 29
    Display::display_warning_message(get_lang('NoLinkItems'), false);
}
// Pending notices, printed in a fixed order.
if (isset($_GET['addallcat'])) {
    Display::display_normal_message(get_lang('AddAllCat'), false);
}
if (isset($confirmation_message)) {
    Display::display_confirmation_message($confirmation_message, $filter_confirm_msg);
}
if (isset($warning_message)) {
    Display::display_warning_message($warning_message, $filter_warning_msg);
}
if (isset($move_form)) {
    Display::display_normal_message($move_form->toHtml(), false);
}
// Load data and display the table.
$is_platform_admin = api_is_platform_admin();
$is_course_admin = api_is_allowed_to_edit();
// Category selected through the request; 0 when none is given.
// NOTE(review): Security::remove_XSS() is an output-oriented filter. If $category is
// later used as a database id, an integer cast would be the matching validation —
// confirm how it is used.
$category = empty($_GET['selectcat']) ? 0 : Security::remove_XSS($_GET['selectcat']);
// search form
// NOTE(review): $selectcat is not assigned anywhere in this excerpt and is
// concatenated into the form URL as is — confirm where it is set and sanitised.
$simple_search_form = new UserForm(UserForm::TYPE_SIMPLE_SEARCH, null, 'simple_search_form', null, api_get_self() . '?selectcat=' . $selectcat);
$values = $simple_search_form->exportValues();
$keyword = '';
if (!empty($_GET['search'])) {
    $keyword = Security::remove_XSS($_GET['search']);
}
if ($simple_search_form->validate() && empty($keyword)) {
Ejemplo n.º 30
 /**
  * Decides whether a user may use one of a group's tools.
  *
  * Callers passing api_is_platform_admin() or api_is_allowed_to_edit() are always
  * granted access. Otherwise the result depends on the tool's state in the group
  * properties, on the group's tutor_id and on group membership.
  *
  * NOTE(review): the two role checks at the top are called without $user_id, so they
  * presumably evaluate the logged-in user rather than the user passed in — confirm
  * that callers only pass the current user.
  *
  * @param int   $user_id  The user id
  * @param int   $group_id The group id
  * @param mixed $tool     One of the self::GROUP_TOOL_* constants handled below;
  *                        any other value yields false
  *
  * @return bool True when access is granted
  */
 public static function user_has_access($user_id, $group_id, $tool)
 {
     // Platform admins and course editors are let through before any group lookup.
     if (api_is_platform_admin() || api_is_allowed_to_edit()) {
         return true;
     }
     // Map the tool to the group property that stores its state.
     switch ($tool) {
         case self::GROUP_TOOL_FORUM:
             $stateField = 'forum_state';
             break;
         case self::GROUP_TOOL_DOCUMENTS:
             $stateField = 'doc_state';
             break;
         case self::GROUP_TOOL_CALENDAR:
             $stateField = 'calendar_state';
             break;
         case self::GROUP_TOOL_ANNOUNCEMENT:
             $stateField = 'announcements_state';
             break;
         case self::GROUP_TOOL_WORK:
             $stateField = 'work_state';
             break;
         case self::GROUP_TOOL_WIKI:
             $stateField = 'wiki_state';
             break;
         case self::GROUP_TOOL_CHAT:
             $stateField = 'chat_state';
             break;
         default:
             // Unknown tool: deny.
             return false;
     }
     $isMember = self::is_user_in_group($user_id, $group_id);
     // Check group properties
     $properties = self::get_group_properties($group_id);
     if (empty($properties)) {
         return false;
     }
     if ($properties[$stateField] == self::TOOL_NOT_AVAILABLE) {
         return false;
     }
     // NOTE(review): the tutor comparison is loose (==) and its earlier comment says
     // the tutor implementation was dropped. If tutor_id can be empty or 0, a $user_id
     // that is also 0 or empty would match — confirm the possible values, or whether
     // this branch should remain.
     $granted = $properties[$stateField] == self::TOOL_PUBLIC
         || api_is_allowed_to_edit(false, true)
         || $properties['tutor_id'] == $user_id;
     if ($granted) {
         return true;
     }
     if ($properties[$stateField] == self::TOOL_PRIVATE && !$isMember) {
         return false;
     }
     // Any remaining state: membership decides.
     return $isMember;
 }